Running public Bind Server from behind firewall

Alton Yu alton at shocknetwork.com
Tue Jun 7 05:46:21 UTC 2005


John McGowan wrote:
> I've been running bind for a while now without any problems.  Server is 
> on public IP space behind a L2 transparent firewall.
> 
> I just reconfigured the server to be on a private IP address and moved 
> it behind a new firewall that is not a L2 transparent firewall.  I have 
> set up a "Mapped IP" on the firewall, but for some reason DNS doesn't 
> work like it should.  Looks like responses to queries done by the DNS 
> server aren't getting back. 
> 
> The thing that's confusing me is that all other services on the machine 
> that were moved are working fine: SMTP, POP, HTTP.  DNS is the only 
> service that is having problems.
> 
> Is there something obvious that I would have to change in my named.conf 
> to support a bind server running on a private IP address behind a 
> firewall?  (Keep in mind that the firewalls I'm running are identical 
> with identical policies; the only difference is the introduction of this 
> private IP network.)
> 
> /John
> 
> 

You might want to post your named.conf since we don't know how it's set
up. If you're not using views or anything like that, it's unlikely that
you should be running into problems. Do you have port 53 open for tcp
and udp? You may want both.

You might want to do a snoop or tcpdump for the traffic to see what's
going on or turn on logging on the dns server and see if the requests
are coming in, etc.

Good luck.
Alton


